Session Loss

BrentNorin

I'm not real good around sessions, but I have gotten myself to use it as I need to. Sessions are working and carrying from each page no problem, as long as I have session_start() at the first line. However on one page, it links to another page inside itself. When it does this, I lose 2 of the 3 sessions. Anyone have an idea?

kburger

Originally posted by BrentNorin
However on one page, it links to another page inside itself.

What does that mean? Also, can we see the code on that/those page(s)?

BrentNorin

Sure. I'll keep whats relevant.

management.php

<?php
 session_start();
 if (!isset($_SESSION['username']) || !isset($_SESSION['pass']) || !isset($_SESSION['access'])) {
  header("Location: [url]http://papoukewis.onondaga36.org/login.php[/url]");
  exit;
 }
 if ($_SESSION['access'] != "3") {
  header("Location: [url]http://papoukewis.onondaga36.org/index.php[/url]");
  exit;
 }
 include('./includes/header.tpl');
 include('./includes/navigation.tpl');
 $mode = $_GET['mode'];
 $username = $_POST['username'];
 $userid = $_GET['id'];
 $password = $_POST['password'];
 $cpassword = $_POST['cpassword'];
 $email = $_POST['email'];
 $access = $_POST['access'];
 switch($mode) {
  case 0:
   include('./includes/management.tpl');
   break;

management.tpl

    <td class="body">
     <p class="newshead">Admin Management</p>
     <table class="nested">
      <?php
       include('./mysql.php');
       $place = @mysql_query("SELECT * FROM admins ORDER BY id DESC") or die("Couldn't Query: " . mysql_error());
       $num = @mysql_num_rows($place) or die("Failed Numbering Rows: " . mysql_error());
       for ($i = 0;$i < $num;$i++) {
        $row = @mysql_fetch_array($place) or die("Couldn't Array: " .  mysql_error());
        echo '<tr><td class="nested"><a href="./management.php?mode=1&id=' . $row["id"] . '">' . $row["username"] . '</a></td>';
        echo '<td class="nested"><a href="./management.php?mode=3&amp;id=' . $row["id"] . '">Change Password</a></td>';
        echo '<td class="nested"><a href="./management.php?mode=5&amp;id=' . $row["id"] . '">Change E-Mail</a></td>';
        echo '<td class="nested"><a href="./management.php?mode=7&amp;id=' . $row["id"] . '">Change Access: ' . $row["access"] . '</a></td>';
        echo '<td class="nested"><a href="./management.php?mode=11&amp;id=' . $row["id"] . '">Delete User</a></td></tr>';
       }
       echo '<tr><td class="nested" colspan="5" style="text-align: center"><a href="./management.php?mode=9">Add Administrator</a></td></tr>';
       mysql_close($connect);
      ?>

So what happens is pretty much you load management.php and and it includes management.tpl according to the case. You click on a link, and poof it asks you to login because the session was unset. The session dies when management.php is loaded, not when you click on the link. I know this because when I refresh management.php, I have to login.

May I say that this code works on another webserver. So theres something different between the two, but that could because my code is bad somewhere and one server is more lax than the other.

bradgrafelman

First of all, you've got parse errors. Look at the color-coding here:

 if (!isset($_SESSION['username']) || !isset($_SESSION['pass']) || !isset($_SESSION['access'])) { 
  header("Location: <a href="http://papoukewis.onondaga36.org/login.php" target="_blank">[url]http://papoukewis.onondaga36.org/login.php[/url]</a>"); 
  exit; 
 } 
 if ($_SESSION['access'] != "3") { 
  header("Location: <a href="http://papoukewis.onondaga36.org/index.php" target="_blank">[url]http://papoukewis.onondaga36.org/index.php[/url]</a>"); 
  exit; 
 }

Escape those double quotes in the HREF tags, or change the double quotes to single quotes like header('<a href="...">') or header("<a href='...'>").

HalfaBee

If you are changing the sessions and then using Header(), try using session_write_close() before the Header().

BrentNorin

The double quotes was not my mistake, but the forums mistake. The forum added the anchor tag. My code really looks like:

header("Location: http://papoukewis.onondaga36.org/login.php");

However that wasn't the problem. session_write_close() did fix my problem, but now I have questions.
Why do I need to do that?
What server config requires me to do that?
Can I change session info after that?

HalfaBee

www.php.net/session_write_close

The header() must bypass phps session closing on exit.

You can't change the session info after that function.

Not sure about why it works on one server and not on another, it may the the way php is run on each server.
Some servers run php as a cgi and others php as an apache mod.